Dec 20, 2012 · Shorewall recognizes the firewall system as its own zone. The name of the zone designating the firewall itself (usually ‘fw’ as shown in the above file) is stored in the shell variable $FW which may be used throughout the Shorewall configuration to refer to the firewall zone.
The /etc/shorewall/zones file declares your network zones. You specify the hosts in each zone through entries in /etc/shorewall/interfaces or /etc/shorewall/hosts. The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax).
The /etc/shorewall6/zones file declares your network zones. You specify the hosts in each zone through entries in /etc/shorewall6/interfaces or /etc/shorewall6/hosts. The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax).
bport (or bport4) The zone is associated with one or more ports on a single bridge.
vserver Added in Shorewall 4.4.11 Beta 2 - A zone composed of Linux-vserver guests. The zone contents must be defined in shorewall-hosts(5). Vserver zones are implicitly handled as subzones of the firewall zone.
Example:
    #ZONE   TYPE   OPTIONS   IN OPTIONS   OUT OPTIONS
    a       ip
    b       ip
    c:a,b   ip
Currently, Shorewall uses this information to reorder the zone list so that parent zones appear after their subzones in the list. The IMPLICIT_CONTINUE option in shorewall.conf(5) can also create implicit CONTINUE policies to/from the subzone.
Eventually it will be assigned as a zone in Shorewall. eth1 is planned to serve the network management devices (e.g. switches, routers, etc.) on the network. I had planned to use the 192.168.110.0/24 subnet for these devices. eth2 is planned to serve the local client devices on the network.
Description In shorewall-zones(5), a zone may be declared to The child-zone may be neither the firewall zone nor a vserver zone. may not appear as a parent zone, although all vserver zones are handled as sub-zones of the firewall zone.
Shorewall generates rules for zones in the order that the zone declarations appear in /etc/shorewall/zones unless you modify the processing order using the explicit child-zone:parent-zone syntax, in which case the child zone rules are generated first.
Beginning with Shorewall 4.5.17, if you specify a zone for the 'lo' interface, then that zone must be defined as type local in shorewall6-zones(5).
BROADCAST (Optional) - {-| detect | address [, address]} Only available if FORMAT 1.